package com.tinem.platform.web.gateway.config;

import com.google.common.net.HttpHeaders;
import com.tinem.platform.module.pojo.co.GatewayHeadName;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.util.pattern.PathPatternParser;

/**
 * @author fengzhihao
 * @version v1
 * @program: platform
 * @className WebSecurityConfig
 * @description TODO
 * @site 
 * @company 
 * @create 2020-07-02 19:59
 */
@Configuration
@SuppressWarnings("unchecked")
public class WebSecurityConfig {
    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeExchange()
//                .pathMatchers("/api.do").permitAll()
//                .pathMatchers("/webjars/**").permitAll()
//                .pathMatchers("/actuator").permitAll()
//                .pathMatchers("/actuator/**").permitAll()
                .pathMatchers("/**").permitAll()
                .and()
                .oauth2ResourceServer()
                .jwt();
        return http.build();
    }

    @Bean
    public CorsWebFilter corsFilter() {

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
        source.registerCorsConfiguration("/**", new CorsConfiguration());

        return new CorsWebFilter(source,(configuration,exchange)->{
            exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, exchange.getRequest().getHeaders().getFirst("Origin"));
            exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET, POST, PUT");
            exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS
                    , GatewayHeadName.X_PLATFORM_RES_CODE
                            + "," + GatewayHeadName.X_PLATFORM_RES_MESSAGE
                            + "," + GatewayHeadName.X_PLATFORM_RES_SUCCESS
                            + "," + GatewayHeadName.X_PLATFORM_RES_TIMESTAMP
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_RES_CODE
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_RES_SUCCES
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_RES_MESSAGE
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_RES_SIGN
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_RES_SIGN_TYPE
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_RES_CRYPTO_TYPE
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_RES_TIMESTAMP
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQUEST_ID
            );
            exchange.getResponse().getHeaders().set(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS,
                    HttpHeaders.AUTHORIZATION
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_TIMESTAMP
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_SERVICE
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_METHOD
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_VERSION
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_API_REQUEST_ID
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_JWT
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_CHARSET
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_LANG
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_SIGN_TYPE
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_SIGN
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_CRYPTO_TYPE
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_CRYPTO_KEY
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_CRYPTO_IV
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_DEBUG
                            + "," + GatewayHeadName.X_PLATFORM_GATEWAY_REQ_DEVICE
                            + "," + HttpHeaders.CONTENT_TYPE
                            + "," + HttpHeaders.USER_AGENT
                            + "," + HttpHeaders.REFERER
                            + ",CF-Connecting-IP"
                            + ",X-Forwarded-For"
                            + ",True-Client-IP"
                            + ",CF-ray"
                            + ",CF-IPCountry"
                            + ",CF-Visitor"
                            + ",CDN-Loop"
                            + ",CF-Worker"
            );
            return true;
        });
    }
}
